
SANS ISC: Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3 - SANS Internet Storm Center SANS ISC InfoSec Forums


Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3

A vulnerability has been found in Splunk 4.0 - 4.3 that allows a partial confidentiality and integrity violation: when a user clicks on a specially crafted link, sensitive information can be disclosed to the attacker. Splunk recommends that customers upgrade to version 4.3.1 and follow its hardening standard [3] to mitigate the risk of exploitation.

[1] http://www.splunk.com/view/SP-CAAAGTK
[2] http://www.splunk.com/download
[3] http://docs.splunk.com/Documentation/Splunk/latest/Admin/Hardeningstandards

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
